Authors: Yoav Zibin
Multiplayer gaming platforms (such as Come2Play, Skype, Nonoba, Oberon) offer game developers an API to develop new games. Having a secure API is critical to prevent hackers from unlawfully winning a game. Until today, to have a secure API, a developer had to write a server-side extension that determines the game outcome. However, a server-side extension is cumbersome to write (because you have to master two programming languages: for the client- and serverside), error-prone, hard to debug, and risky for the gaming platform that runs 3rd party code on its servers. This paper presents the first Secure client-side-only API (for short JuryAPI ), i.e., the API is secure (the game outcome cannot be changed by hackers) and the API uses only client-side code (without any server-side extensions). JuryAPI mimics real-life games in which each player verifies that other players follow the game rules. In case of disagreement among the players, the server convenes a jury that finds the hacker. Using JuryAPI, one can develop secure multiplayer games using only client-side code, without using any server-side extensions. JuryAPI is an open-source standard developed by the multiplayer gaming company Come2Play, with an open-source flash emulator1. Come2Play freely hosts 3rd party flash games and shares the revenues with the game developers.